CVE-2018-19859
MEDIUMOpenRefine <3.2 - Path Traversal
Title source: llmDescription
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
Exploits (1)
nomisec
WORKING POC
1 stars
by WhiteOakSecurity · poc
https://github.com/WhiteOakSecurity/CVE-2018-19859
Scores
CVSS v3
6.5
EPSS
0.1061
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (17)
openrefine/openrefine
1.0 (6 CPE variants)
openrefine/openrefine
1.0.1
openrefine/openrefine
1.0.2
openrefine/openrefine
1.0.3
openrefine/openrefine
1.0.5
openrefine/openrefine
1.0.6
openrefine/openrefine
1.0.7
openrefine/openrefine
1.1
openrefine/openrefine
2.0
openrefine/openrefine
2.1 (2 CPE variants)
... and 7 more
Published
Dec 05, 2018
Tracked Since
Feb 18, 2026